How to create graph based on Std deviation & Avg

jaibalaraman · ‎04-01-2024

Hi

Can anyoine suggest me how to create Avg & Std Dev graph from the fields

jaibalaraman · ‎04-01-2024

Hi Kendall

yes i tried that, stil not getting any output

KendallW · ‎04-01-2024

Add a space between the two timechart functions. E.g.

| timechart avg(event.Properties.duration) stdev(event.Properties.duration)

Also, you can remove the

| iplocation

as we aren't using any of the fields that command adds for this visualization, so it will only slow down the search.

tscroggins · ‎04-01-2024

You can calculate the mean and standard deviation using the stats command:

| stats avg(event.Properties.duration) as u stdev(event.Properties.duration) as s

however, that won't produce a chart.

At a glance, your data is not normally distributed. You can generate a simple histogram with the chart command:

| chart count over event.Properties.duration span=31

If you have Splunk Machine Learning Toolkit installed, you can use the histogram macro and visualization:

| `histogram("event.Properties.duration", 31)`

Note that the histogram macro uses the bin command:

bin "$var$" bins=$bins$ | stats count by "$var$" | makecontinuous "$var$" | fillnull count

It won't necessarily honor your bin count.

What type of graph or visualization would you like to create?

jaibalaraman · ‎04-02-2024

The below 2 commands are not working

| `histogram("event.Properties.duration", 31)`

bin "$var$" bins=$bins$ | stats count by "$var$" | makecontinuous "$var$" | fillnull count

What type of graph or visualization would you like to create?

Just want to create a dashboard tile to show the metric

KendallW · ‎04-01-2024

. . . | timechart avg(event.Properties.duration) stdev(event.Properties.duration)

Are you a member of the Splunk Community?